Software Security Lead

Reporting to: Software Security Manager

Role Mission

The Software Security Lead operates under the direction of the Software Security Manager, who owns and

Key Responsibilities

1. Software Security Governance & Standardization
- Execute the Secure SDLC framework defined by the Software Security Manager.
- Contribute to the evolution of security policies, standards, and development guidelines.
- Support project teams in applying secure coding, design, and architectural best practices.
- Maintain security documentation, templates, and technical guidance.

2. CI/CD Security & DevSecOps Integration
- Integrate security controls into CI/CD pipelines in cooperation with DevOps teams.
- Automate SAST, DAST, SCA, dependency scanning, and container security checks.
- Ensure CI/CD environments remain compliant with the Secure SDLC and PCI DSS requirements.

3. Risk Analysis, PCI DSS Compliance & Audits
- Support the Software Security Manager in implementing PCI DSS development controls.
- Prepare engineering teams for internal, partner, and external audits.
- Maintain compliance evidence and ensure traceability of security activities.

4. Vulnerability Lifecycle Management
- Lead vulnerability detection, analysis, triage, and remediation activities.
- Monitor SLAs, escalate blockers, and ensure closure of findings in line with internal expectations.
- Contribute to security incident analysis and corrective action plans.

5. Team Enablement & Security Awareness
- Train development, QA, and DevOps teams on secure coding and SSDLC best practices.
- Promote security awareness and proactive risk identification across the business unit.
- Act as the first line of technical support for software security questions and escalations.

Required Skills

Technical Skills
- Strong understanding of application security frameworks (OWASP, CWE, NIST SSDF).
- Hands-on experience with SAST, DAST, SCA, container scanning, and secrets management.
- Familiarity with the technology stack (Java, C, UNIX, PowerCARD ecosystem).
- Strong understanding of DevOps toolchains and multi-site CI/CD operations.

Security & Compliance Skills
- Practical experience implementing SSDLC and DevSecOps principles.
- Knowledge of PCI DSS v4.0 requirements related to software development.
- Experience managing the vulnerability lifecycle and coordinating with technical teams.
- Ability to support audits, compliance reporting, and corrective actions.

Leadership & Cross-Functional Skills
- Effective communication with technical teams and management.
- Ability to influence, challenge, and coach teams.
- Strong analytical skills and structured problem-solving.
- Excellent teamwork across multiple company locations.

Profile
- Master's degree in Computer Science, Cybersecurity, Engineering, or equivalent.
- 8–12 years in application security, DevSecOps, or secure architecture roles.
- Experience in payments or regulated industries is a strong plus.

Key Performance Indicators (KPIs)
- Vulnerability remediation SLA performance.
- PCI DSS compliance readiness and audit outcomes.
- Security control integration coverage in CI/CD pipelines.
- Reduction of repeated vulnerabilities.
- SSDLC adoption and maturity.
- Quality of reporting to the Software Security Manager.

Scope & Collaboration
- Daily collaboration with Development, QA, DevOps, Cybersecurity, Infrastructure, Project & Product teams.
- Influence across the entire business unit.